From owner-freebsd-chat@FreeBSD.ORG Sat Nov 15 20:57:22 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3400A16A4CE for ; Sat, 15 Nov 2003 20:57:22 -0800 (PST) Received: from purple.the-7.net (purple.the-7.net [207.158.28.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id C383D43F85 for ; Sat, 15 Nov 2003 20:57:20 -0800 (PST) (envelope-from ab@astralblue.net) Received: from astralblue.net (adsl-68-123-46-151.dsl.pltn13.pacbell.net [68.123.46.151]) by purple.the-7.net (8.12.9p2/8.12.9) with ESMTP id hAG4x2KF022220; Sat, 15 Nov 2003 20:59:03 -0800 (PST) (envelope-from ab@astralblue.net) Message-ID: <3FB703A8.7020607@astralblue.net> Date: Sat, 15 Nov 2003 20:57:12 -0800 From: =?UTF-8?B?IkV1Z2VuZSBNLiBLaW0g6rmA66+87ISxIg==?= User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Terry Lambert References: <20031112091032.GA4425@cactus> <3FB3758A.9B52625D@mindspring.com> <3FB3B4FB.1050304@astralblue.net> <3FB4A095.AF27549F@mindspring.com> <3FB5524E.30107@astralblue.net> <3FB6AE08.98235EF4@mindspring.com> In-Reply-To: <3FB6AE08.98235EF4@mindspring.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on purple.the-7.net cc: chat@freebsd.org Subject: Re: xscreensaver bug? X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2003 04:57:22 -0000 (Redirected to chat@) Terry Lambert wrote: >"Eugene M. Kim" wrote: > >>Validating a root password is possible with other means in many cases, if not always. OpenSSH sshd is a good example. Even with PermitRootLogin set to no, the attacker can differentiate whether the password has been accepted or not. >> > >That's because the software in question sucks, not because it's a >natural property of all such software. > Sorry, but no matter how much sshd sucks, we currently have it. It's even enabled by default. =) The assumption that unprivileged users won't be able to verify the root password is therefore dangerous, unless the administrator took additional security precautions (e.g. disabling sshd). >>If attacker is able enough, he could also run a hacked version of Xnest on port 6000+N and the real xscreensaver on :N.0 for a suitable N. Attacker would feed the real xscreensaver with the captured password and see if the real xscreensaver releases the server grab. >> > >Yeah, and any user on the system could put up a trojan that put up a window that pretended to be the login screen instead of a screen saver, since that would be much easier, and harvest passwords that >way, instead, after pretending the first login failed. > >I don't really see your point... any time you have more than one user using the same console, it's possible to create a trojan. > My point is that the root password, or any replayable password, shouldn't be entered on such insecure terminals. (Did someone say... OPIE? XD) All in all, it does seem that the feature of xscreensaver (that lets the root password to unlock someone else's xscreensaver) is dangerous, because there's no such thing as someone else's xscreensaver that root can trust. Eugene P.S. The `Press Ctrl-Alt-Del to log on' feature of Windows 2000/XP is indeed one cool security feature. It assures the user that the login window is not an unprivileged trojan. =)